LDAP Servers with Multiple OUs

Tenable’s SecurityCenter LDAP configuration does not currently support the direct addition of multiple Organizational Units (OUs) in the LDAP configuration screen. Two deployment options are possible for those with multiple OUs.

Option 1 (Recommended)

Add a container (e.g., group) only for SecurityCenter users and allow existing Active Directory users to become members of the newly created group. Use the Distinguished Name (DN) of this group as the Search Base. For example:

CN=SecurityCenter,DC=target,DC=example,DC=com

Save the changes. New users who are members of this group will then be able to log in. No restart is required.

Example

  1. Log in as an admin user.
  2. Click System > Configuration > LDAP.

  3. Log out as the admin user and then log in as the organizational user who will be managing the user in question.
  4. Create the new user. Type the LDAP Search String as =*.

Option 2

Use a high-level Search Base in the LDAP configuration. For example:

DC=target,DC=example,DC=com

The Search Base above can be combined with a global Search String. When set in the configuration, this search string applies to all LDAP searches. For example:

memberOf=CN=nested1,OU=cftest1,DC=target,DC=example,DC=com

Note: This option is currently limited to 128 characters; we will extend the viewable window and increase the allowed length going forward.
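The following Python pre-flight check is an added example, not Tenable's code. It builds the Search String in the form shown above, escapes characters that would change the filter's meaning, enforces the length limit, and shows which accounts a subtree search under the high-level Search Base would admit. The function names and directory entries are constructed for illustration, and it assumes the 128-character limit applies to the Search String field.

```python
# Added example: pre-flight check for an Option 2 Search Base / Search String pair.
MAX_SEARCH_STRING = 128  # assumption: the page's 128-character limit applies to this field

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the group DN is matched literally."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def member_of_search_string(group_dn):
    """Build the Search String in the form the page shows: memberOf=<group DN>."""
    s = 'memberOf=' + escape_filter_value(group_dn)
    if len(s) > MAX_SEARCH_STRING:
        raise ValueError('search string is %d characters; limit is %d'
                         % (len(s), MAX_SEARCH_STRING))
    return s

def split_dn(dn):
    """Split a DN into normalised RDNs (simplified: no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(',')]

def under_base(entry_dn, base_dn):
    """True if entry_dn is at or below base_dn (subtree scope)."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def matching_users(entries, base_dn, group_dn):
    """DNs selected by a subtree search under base_dn with memberOf=group_dn."""
    wanted = split_dn(group_dn)
    return [dn for dn, groups in entries
            if under_base(dn, base_dn)
            and any(split_dn(g) == wanted for g in groups)]

# Constructed sample directory: users in two OUs, plus one outside the Search Base.
BASE = 'DC=target,DC=example,DC=com'
GROUP = 'CN=nested1,OU=cftest1,DC=target,DC=example,DC=com'
ENTRIES = [
    ('CN=alice,OU=cftest1,DC=target,DC=example,DC=com', [GROUP]),
    ('CN=bob,OU=cftest2,DC=target,DC=example,DC=com', [GROUP]),
    ('CN=carol,OU=cftest2,DC=target,DC=example,DC=com', []),   # not a group member
    ('CN=dave,OU=cftest1,DC=other,DC=example,DC=com', [GROUP]),  # outside the base
]

if __name__ == '__main__':
    print(member_of_search_string(GROUP))
    print(matching_users(ENTRIES, BASE, GROUP))
```

Without the Search String, every account under the high-level Search Base is a candidate for login, so the group filter is what keeps access scoped to intended users across OUs.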

Example

Step One:

  1. Log in as an admin user.
  2. Click System > Configuration > LDAP.

  3. Click Test LDAP Settings to test configurations.
  4. Log out as the admin user and then log in as the organizational user who will be managing the user in question.
  5. Create the new user:

    Choose LDAP:

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.